|
|
|
|
Install Agents
The Install Agents page installs the agent on a remote system and creates a new machine ID / group ID account. Install Agents remotely installs the packages created using Deploy Agents.
There are two methods of selecting machines to install agents on:
- A list of machines is displayed on this page that have run LAN Watch. Clicking any LAN Watch machine—sometimes called the "discovery machine"—displays a listing of all discovered machines. Machines without an agent display in red text.
- You can also install an agent by entering an IP address or host name that you know the discovery machine has access to, even if its not listed on the page.
Note: See System Requirements for a list of operating systems agents can be installed on.
Using the Same Operating System for Discovery and Agent Installs
Windows, Macintosh, and Linux agents can discover Windows, Macintosh, and Linux machines on the same LAN using LAN Watch. Agent > Install Agents can only install agents on:
- Windows machines if the LAN Watch discovery machine was a Windows machine.
- Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.
- Linux machines if the LAN Watch discovery machine was a Linux machine.
Note: Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
Note: For Linux machines, the root username alone—without a hostname or domain—must be used.
Selecting Machines using LAN Watch
- Run LAN Watch for a specific range of IP addresses using Agent > LAN Watch.
Note: None of the extra options in LAN Watch need be selected to list discovered machines on this page.
- Select discovered machines in red text. They're the ones without an agent checking into this Kserver.
Selecting a Machine using an IP or Host Name
- Enter the host name or IP address of a machine you know the discovery machine has access to, even if the machine is not listed on the page.
Installing Agents on Selected Machines
- Enter a administrator credential for the machines you've selected.
- If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form
domain\administratororadministrator@domain. If the target machine is not on a domain, then the administrator credential must include the hostname in the formhostname\administrator. For Linux machines, therootusername alone—without a hostname or domain—must be used.
- If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form
- Select an agent install package. The selected agent install package must be appropriate for:
- Windows machines if the LAN Watch discovery machine was a Windows machine.
- Macintosh machines if the LAN Watch discovery machine was a Macintosh machine.
- Linux machines if the LAN Watch discovery machine was a Linux machine.
- Click Install.
Kconnect and SSH
The following technologies are used by Agent > Install Agents to install agents on remote systems after a LAN Watch scan is run on the discovery machine.
- Kconnect enables the installation of agent packages on remote target systems running a Windows operating system
- SSH (aka Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. This protocol is primarily used on Unix-based systems, including Mac OS X and Linux.
- Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents.
- On Linux
sshdmust be installed and enabled. This is not enabled by default in some Linux distributions.
A valid credential set with administrator rights is required to successfully install an agent remotely.
Note:The KcsSetup installer skips installation if it detects an agent is already on a machine if the /e switch is present in the installer package. The installer overwrites installation if it detects an agent is already installed on a machine if the /r switch is present in the installer package. The /r switch overrides the /e switch if both switches are included in the agent package.
Running Kconnect
When Install Agent is run, Kconnect.exe is downloaded from the KServer into the c:\kworking directory and run using the following command line. You don't have to create this command line. Install Agent does it for you.
c:\kworking\kconnect \\hostname -u "adminname" -p "password" -c -f -d "c:\kworking\kcssetup.exe" > c:\kworking\LANInsAipAddr.txt
The terms hostname and ipAddr refer to the remote machine. If the agent is on a drive other than C: then the working files are referenced to the same drive the agent is installed on.
Kconnect Error Messages
If a remote Windows agent installation fails for any reason, the KServer passes back the results reported by Kconnect.exe. Typically, Kconnect.exe is simply reporting OS errors that it received trying to execute a call.
Typical Reasons for Install Failure
See Install Issues and Failures for a general agent install issues and failures. Additional issues and failure related to remote installation of agents using Install Agents include:
- File and Printer Sharing Not Enabled - Verify File and Printer Sharing is enabled on the target machine's firewall if the target machine's firewall is on.
- Blocked by Network Security Policy
- Windows - Kconnect.exe connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for Kconnect.exe to operate across the network.
Note: Classic is the default setting for machines that are members of a domain. Guest is the default setting for machines that are not in a domain. Microsoft does not allow Windows XP Home Edition to become a domain member.
- Macintosh - SSH can be blocked by client management network policies, which are configured using Server Admin in Mac OS X 10.4 and later.
- Windows - Kconnect.exe connects to the remote PC through the RPC service and runs as a local account. Remote access to this service is controlled by a Local or Domain Security Setting. Open Local Security Policy (part of Administrative Tools). Open Local Policies\Security Options\Network access: Sharing and security model for local accounts. The policy must be set to Classic for Kconnect.exe to operate across the network.
- Failure to Connect - The RPC service is not available on the target machine. For example, XP Home does not support RPC. This prevents anything from remotely executing on that box. On Windows XP you can turn this service on by opening Windows Explorer and selecting Tools - Folder Option... - View tab. Scroll to the bottom of the list and uncheck Use simple file sharing. The XP default configurations are as follows:
- XP Pro on a domain - RPC enabled by default. Use simple file sharing is unchecked.
- XP Pro in a workgroup - RPC disabled by default. Use simple file sharing is checked.
- XP Home - RPC disabled always. Use simple file sharing is not available.
- Network Path Not Found - If you get a message saying that the network path could not be found, it means that the
admin$share is not available on that machine. Theadmin$share is a default share that windows creates when it boots, it is possible to turn this off via the local security policy, or domain policy. If you want to check the shares on that remote machine you can use Kconnect.exe to retrieve a list for you. Typekconnect \\ "net share". Check that theadmin$share exists and points toc:\windowsorc:\winnton older operating systems. - Blocked by Anti-Virus Program - Some anti-virus programs may classify Kconnect.exe and SSH as security threats and block its execution.
- Invalid Credential - The credential must have administrator rights on the local machine. The agent requires administrator rights to install successfully.
- If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form
domain\administratororadministrator@domain. If the target machine is not on a domain, then the administrator credential must include the hostname in the formhostname\administrator. For Linux machines, therootusername alone—without a hostname or domain—must be used. - On Vista, 7, and 2008 machines, ensure User Account Control (UAC) is disabled for the administrator rights credential being used.
- Mac OS - Macintosh agent install packages require a credential when using Agent > Install Agent, or when installing agents using the /s "silent install" switch.
- Linux - Linux machines credentials must use the
rootuser on the Install Agents page. Embedding arootcredential in the agent install package is unnecessary for Linux agent install packages used on the Install Agents page.
- If the target machine is on a domain, the administrator credential must include the domain. The username field must be in the form
- SSH Not Installed or Enabled - Mac OS X 10.3.9 and above machines must have SSH Remote Login in System Preferences > Sharing > Remote Login enabled to support the remote install of Macintosh agents using Install Agents. On Linux
sshdmust be installed and enabled. This is not enabled by default in some Linux distributions.
Testing and Troubleshooting
Admin Logon Name
The administrator name used to remotely access the selected machine. The Admin Logon Name must have administrator rights on the remote selected machine. Multiple accounts may have administrator rights on the same machine. Your domain administrator account may be different than the local administrator account. To ensure you are using the domain account enter the logon name using the domain\administrator or or administrator@domain format. If the target machine is on a domain, the administrator credential must include the domain. For Linux machines, the root username alone—without a hostname or domain—must be used.
Password
The password associated with the Admin Logon Name.
Install
Click Install to schedule an installation of the selected install package on all selected machines.
Cancel
Click Cancel to cancel execution of this task on selected managed machines.
Select an Agent Package to Install
Select the agent package to remotely install on selected machines. These packages are created using Deploy Agents.
Show all devices
Check this to see possible machines that did not report a host name. such as Mac machines that do not have a DNS.
Hide devices that match the MAC address of existing machine IDs
Check this box to hide all machines on a LAN with a MAC address matching the MAC address of an existing machine ID / group ID account.
Hide devices that match the computer names of existing machine in <machine ID>
Check this box to hide machines that have a common computer name in this same group ID. A LAN Watch may discover an managed machine with a second device using a different MAC ID then the one used to report to the KServer. For example, the same managed machine may connect to the internet using direct connection and have a second wireless connection with a different MAC ID. Checking this box hides the second device from this list so that you don't assume you've found a new unmanaged machine.
Select All/Unselect All
Click the Select All link to check all rows on the page. Click the Unselect All link to uncheck all rows on the page.
Host Name
The host name of each device on the LAN discovered by the latest LAN Watch scan.
IP Address
The private IP address of each device discovered by the latest LAN Watch scan.
MAC Address
The MAC address of each device discovered by the latest LAN Watch scan.
Vendor
The system manufacturer.
Last Seen
The time each device was last detected by the latest LAN Watch scan.
Topic 400: Send Feedback. Download a PDF of this online book from the first topic in the table of contents. Print this topic.